Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/JEmusumWCQn66mwo3N41fZYO1NY.roa
File:                     JEmusumWCQn66mwo3N41fZYO1NY.roa (raw, json)
Hash identifier:          Hbiu4JUHRSDt5nGj64Z4gH4WWv71t85FGwg5pb0NjRs=
Subject key identifier:   24:49:AE:B2:E9:96:09:09:FA:EA:6C:28:DC:DE:35:7D:96:0E:D4:D6
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826B674248697C7B81DE797806272F4
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/JEmusumWCQn66mwo3N41fZYO1NY.roa
Signing time:             Thu 02 Jan 2025 17:53:33 +0000
ROA not before:           Thu 02 Jan 2025 17:53:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        84.32.106.0/24 maxlen: 24
                          88.216.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:b6:74:24:86:97:c7:b8:1d:e7:97:80:62:72:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2449aeb2e9960909faea6c28dcde357d960ed4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c2:84:37:ab:01:29:cf:9e:3c:ac:3e:6a:bf:
                    80:a6:94:c5:ed:50:c4:78:17:ae:28:f9:d2:df:6d:
                    6c:75:65:a4:43:c2:bb:93:da:41:4c:1d:16:8d:eb:
                    d9:b3:bc:aa:03:53:4b:a7:ca:28:05:c6:e4:4a:09:
                    df:a5:68:49:9d:4b:6d:23:8b:16:d4:ce:3b:e5:37:
                    37:5d:b1:3d:b3:fd:1b:9a:26:a4:70:7b:ce:f7:4a:
                    f3:3a:86:33:eb:3d:c6:d9:62:07:11:90:90:93:9b:
                    00:68:3c:f7:f5:9e:e9:b3:0c:89:70:ab:2f:15:61:
                    9f:6c:ea:5f:f1:c7:0f:2a:d5:29:d9:5e:55:d5:3f:
                    be:94:5c:5a:5a:14:eb:0b:16:8d:8c:be:e5:92:ad:
                    29:5d:6b:a5:e2:dd:c2:97:91:fe:3d:53:b3:21:09:
                    aa:85:16:3c:15:84:5f:ed:b4:02:23:ca:ca:32:4e:
                    bd:6f:c5:25:58:30:de:ff:c2:92:a5:e1:1d:a6:3d:
                    c1:cd:29:ca:bf:11:0b:79:6a:b4:34:e0:ce:cd:3a:
                    a6:49:75:60:c0:ae:ae:97:4f:47:9e:cd:0f:9c:99:
                    27:41:d5:b0:67:3e:d3:93:18:3c:ae:5f:eb:86:42:
                    5f:4e:0c:35:82:79:6a:09:4c:e7:a8:66:b6:10:c5:
                    98:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:49:AE:B2:E9:96:09:09:FA:EA:6C:28:DC:DE:35:7D:96:0E:D4:D6
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/JEmusumWCQn66mwo3N41fZYO1NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.106.0/24
                  88.216.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:29:59:aa:82:47:ed:b0:bb:d2:15:7c:11:9d:6b:1d:e6:2d:
         a2:8c:68:dd:3e:b4:b3:d1:ec:90:f3:0c:c0:ec:94:84:91:16:
         08:4a:cb:31:2c:87:73:ef:02:b0:0d:dc:d4:97:6c:a4:e3:43:
         88:2c:21:11:bf:43:e3:8e:82:86:77:f4:1b:c8:67:d3:a3:47:
         6b:51:24:3b:1f:68:e5:7e:db:5f:b6:e5:26:63:2d:2c:5d:dd:
         ff:d6:73:9c:2b:17:36:54:2e:33:01:34:a6:e9:42:78:de:14:
         4f:da:5c:63:c4:57:3f:fc:03:0b:b1:81:32:89:f7:fb:db:96:
         d6:81:c0:66:83:f2:f6:4e:f6:6d:7b:05:3c:f1:41:c8:4b:28:
         82:4c:97:cc:29:93:28:56:eb:5b:e2:d6:44:ed:ab:e3:c6:e9:
         36:ff:e6:20:ea:dc:15:23:79:9a:32:27:00:5b:cf:82:08:85:
         ea:b3:8c:b7:61:f0:c3:2e:98:44:00:37:10:ca:1a:ab:e9:df:
         08:89:d9:8d:fe:44:0d:8d:37:0d:4f:23:6d:2a:a8:f2:0e:23:
         92:02:a0:dc:04:7d:75:cd:d7:98:93:8b:0d:25:53:4a:38:cf:
         12:d1:8d:0d:15:7a:b3:25:45:75:d0:38:1e:c1:11:4d:0c:df:
         f9:65:ab:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJrZ0JIaXx7gd55eAYnL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDQ5YWViMmU5OTYwOTA5ZmFlYTZjMjhkY2RlMzU3ZDk2MGVkNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8KEN6sBKc+ePKw+ar+AppTF7VDE
eBeuKPnS321sdWWkQ8K7k9pBTB0WjevZs7yqA1NLp8ooBcbkSgnfpWhJnUttI4sW
1M475Tc3XbE9s/0bmiakcHvO90rzOoYz6z3G2WIHEZCQk5sAaDz39Z7pswyJcKsv
FWGfbOpf8ccPKtUp2V5V1T++lFxaWhTrCxaNjL7lkq0pXWul4t3Cl5H+PVOzIQmq
hRY8FYRf7bQCI8rKMk69b8UlWDDe/8KSpeEdpj3BzSnKvxELeWq0NODOzTqmSXVg
wK6ul09Hns0PnJknQdWwZz7Tkxg8rl/rhkJfTgw1gnlqCUznqGa2EMWYcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCRJrrLplgkJ+upsKNzeNX2WDtTWMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvSkVtdXN1bVdDUW42Nm13bzNONDFmWllPMU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCBqAwQA
WNgrMA0GCSqGSIb3DQEBCwUAA4IBAQB/KVmqgkftsLvSFXwRnWsd5i2ijGjdPrSz
0eyQ8wzA7JSEkRYISssxLIdz7wKwDdzUl2yk40OILCERv0PjjoKGd/QbyGfTo0dr
USQ7H2jlfttftuUmYy0sXd3/1nOcKxc2VC4zATSm6UJ43hRP2lxjxFc//AMLsYEy
iff725bWgcBmg/L2TvZtewU88UHISyiCTJfMKZMoVutb4tZE7avjxuk2/+Yg6twV
I3maMicAW8+CCIXqs4y3YfDDLphEADcQyhqr6d8IidmN/kQNjTcNTyNtKqjyDiOS
AqDcBH11zdeYk4sNJVNKOM8S0Y0NFXqzJUV10DgewRFNDN/5ZatV
-----END CERTIFICATE-----